CVE-2018-19468

HuCart 5.7.4 has SQL injection in get_ip() in system/class/helper_class.php via the X-Forwarded-For HTTP header to the user/index.php?load=login&act=act_login URI.
References
Link Resource
http://www.iwantacve.cn/index.php/archives/83/ Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:hucart:hucart:5.7.4:*:*:*:*:*:*:*

Information

Published : 2018-11-23 05:29

Updated : 2018-12-19 03:06


NVD link : CVE-2018-19468

Mitre link : CVE-2018-19468

Products Affected
No products.
CWE